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1.0  GENERAL  -  This  document  constitutes  the  Subsystem  Hazard 

Analysis  (SSHA)  for  the  C-130  Self-Contained  Navigation 
System  (SCNS)  installation.  It  provides  a  safety  assessment 
of  the  SCNS  installation.  - 

1.1  PURPOSE  -  lAW  MIL-STD-882A,~ the  purpose  of  an  SSH  is  to 
evaluate  the  parts  making  up  a  system  for  items  that  could 
adversely  affect  the  system  safety  through  component 
failure,  perfoirmance  degradation,  functional  failure  and 
inadvertent  operation.^ 

1.2  SCOPE  -  The  scope  of  this  analysis  foi'  Data  Item  0103  is 

limited  to  the  SCNS  installation  task'~^A-kit'*^components 
(viz.  wiring  harness,  brackets,  racks  control  panels,  relay 
boxes,  circuit  breakers),  '*B-kit'^  components  (viz.  ICDUs, 
BICU,  DVS,  INU),  and  the  physical  interfaces  with  existing 
equipment  (viz.  CAOC  or  Sensors,  Radar,  Air  Data  Sensors. 
These  items  will  be  analyzed  in  respect  to  safe 
installation,  safe  hardware,  and  safe  usage  (viz. 
installation,  removal,  in-place  test,  and  handling).  No 
system  Functional  aspects  are  analyzed.  /  ’ 

2.0  APPLICABLE  DOCUMENTS  - 


2.1 


GOVERNMENT  DOCUMENTS  -  The  following  documents  of  the  exact 
issue  shown  are  used  in  the  preparation  of  this  analysis  and 
report . 


MIL-STD-882A 


D-H-7048 

DHl-6  (Edition  5) 
SOW 


System  Safety  Program 
Requirements  (paragraph 
5. 5. 1.2). 


System  Safety  Hazard  Analysis 
Report  (paragraph  10.2.2). 

System  Safety  Design  Handbook 


84-MMSRE-004-C-130SCNS  C-130  Modification  Self-Contained 

Navigation  System  (SCNS),  State¬ 
ment  of  Work  for 


84-MMSRE-009-C-130  Self-Contained  Navigation  System 

(SCNS),  Integration,  Fabrication 
and  Installation  and  Test  of, 
C-130  Aircraft 


UAMMOLlfl  INC 
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-  A  ~..r  •-»  •  J  .*.•  ■  ' 


Report  No.  6216-013 
Revision 


OTHER  DOCUMENTS  -  See  table  II  and  III. 

SYSTEM  DESCRIPTION 

GENERAL  DESCRIPTION  -  The  SCNS  is  comprised  of  a  Doppler 
Velocity  Sensor  (DVS),  Inertial  Navigation  System  (INS), 
Integration  Computation  and  Display  System  (ICDS),  and  the 
associated  installation  Group  A  kit  to  provide  doppler  aided 
INS  navigation,  INS  only,  Doppler  only  and  TAS/HDG  navigation 
modes,  and  control  of  the  various  C-130  communication/ naviga¬ 
tion  (comm/nav)  systems.  The  SCNS  ICDS  consists  of  three 
Integrated  Control  Display  Units  (ICDU)  and  one  Bus  Integra¬ 
tion  Computer  Unit  (BICU)  for  all  C-130  aircraft  except  that 
the  HC-130H  will  have  an  additional  ICDU  for  the  radio 
control.  A  block  diagram  is  shown  in  figure  1. 

In  conjunction  with  the  SCNS  installation,  the  following 
system/components  will  be  removed  from  the  various  C-130 
configurations . 

AN/APN-147  Doppler 
AN/ASN-35  Doppler  Computer 
ARN-131  Omega 

AN/ASN-24  OR  PINS  (C-130E  AWADS  only) 

Radio  controls  for 

AN/ARC-164  UHF  (one  control  retained) 

AN/ARC- 186  VHF 
AN/ARC-190  HF 
AN/ARN-118  TACAN 
AN/ARN-127  VOR/ILS 
USAF  Standard  VOR/ILS 

The  communication  and  navigation  radio  control  functions 
will  be  assumed  by  the  ICDUs  except  during  an  emergency  use 
of  a  UHF  backup  manual  control  head. 

MAJOR  COMPONENTS  -  A  list  of  major  components  is  provided 
in  table  I. 

ICDS  -  The  ICS  consists  of  two  major  components:  the  Integrated 
Control  Display  Unit  (ICDU)  and  the  Bus  Integration  Computer 
Unit  (BICU) .  All  aircraft  configurations  utilize  fully 
interchangeable  ICDUs:  pilot's,  co-pilot's,  navigator's  and 
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Table  I.  Major  Component  List 


MODEL  NO. 

GROUP 

DESCRIPTION 

LOCATION 

A 

B 

LSI-2580F 

Integrated  Control 
Display  Unit 

Left  side  forward  on 
center  console  for 
pilot.  Right  side  for¬ 
ward  for  co-pilot.  Nav 
panel  for  navigator. 

Radio  operator's  panel 
for  HC-130. 

LSI-2905A 

■ 

V 

Bus  Interface  Computer 
Unit 

New  equipment  rack. 

LSI-2905B 

1 

V 

Bus  Interface  Computer 
Unit  with  Added  Radar 
Interface  Card  (AWADS) 

New  equipment  rack. 

LSI-2590A 

APN-2ia 

■ 

V 

Doppler  Velocity  Sensor 

Belly  of  aircraft 

SNU  84-1 

■ 

GFE 

Inertial  Navigation 
Sensor 

Aircraft  floor  below 
new  equipment  rack 

- 

V 

■ 

Electrical  A-Kit 

Several  variations 

- 

V 

■ 

Mechanical  A-Kit 

Several  variations 

" 

V 

■ 

Flight  Director  Mode 
Select  panel  modifica¬ 
tions 

Instrument  Panel  (also 
a  panel  on  the  pedestal 
for  C-130B) 

- 

V 

SCNS  Control  Panel 

Nav  Station 

- 

V 

INU  Battery 

Battery  Compartment 

kUAMOLtfl  tNC 
WHTWMHWT  OWmON 


A  jf 


M-  4'*^  XI 
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radio  operator's  (HC-130H).  Jumper  wires  in  the  the  aircraft 
installation  indicate  its  particular  station  location  to  each 
ICDU.  One  basic  BICU  design  is  utilized  in  all  SONS  configu¬ 
rations  with  the  exception  of  the  BICU  for  the  AWADS  aircraft. 
It  adds  a  third  circular  connector  and  SRUs  for  the  radar 
interface.  Connector  junker  wires  indicate  to  the  BICU  into 
which  aircraft  model  it  is  installed. 

3.2.2  INS  -  The  Inertial  Navigation  System  (INS)  consists  of  three 
major  components:  the  Inertial  Navigation  Unit  (INU),  the  INU 
mount,  and  the  SCNS  battery  subsystem.  The  SCNS  INU  conforms 
to  requirements  of  of  the  SNU  84-1  and  SNU  84-3 
specifications . 

3.2.3  DVS  -  Doppler  Velocity  Sensor  (DVS)  consists  of  the  APN-218 
Air  Force  Standard  Doppler.  The  DVS  provides  basic  navigation 
inputs  for  SCNS  independent  doppler  navigation  capability  and 
for  integrated  INS/Doppler  capability. 

3.3  SYSTEM  FUNCTIONS  -  The  SCNS  primary  function  is  to  provide 
highly  accurate  and  reliable  self-contained  navigation 
capability  for  the  MAC  C-130  Tactical  Airlift  Operations. 

These  missions  and  operations  are  defined  in  MACR  55-130, 
Military  Airlift  Command  Regulation. 

3.3.1  MAJOR  FUNCTIONS  -  The  SCNS  provides  the  following  major 
functions . 

□  Navigation  modes  and  position  update  capability. 

□  Integrated  control  and  display  of  navigation, 
comnunications ,  guidance,  and  steering  functions. 

□  Aircraft  guidance  and  steering  -  including  flight  plan, 
time  of  arrival,  CARP,  SAR,  and  rendezvous. 

3.3.2  SECONDARY  FUNCTIONS  -  Additional  features  are  provided  to 
improve  performance,  reduce  crew  workload,  and  minimize 
aircraft  maintenance  time.  Specifically,  these  are: 

□  TACAN  mixing  to  improve  navigation  accuracy. 

□  CARP  capability  that  will  reduce  crew  workload  and 
increase  mission  flexibility. 

□  Simple,  accurate,  and  quick  magnetic  compass  calibration 
procedures . 


LiMtiMkiii.  me 
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A-KITS  -  The  "A"  kits  consists  of: 

□  The  interconnecting  cables  between  added  LRUs. 

□  The  interconnecting  cables  and  modifications  to  cables 
connecting  existing  LRUs. 

a  Mounting  trays  and  hardware. 

□  Sheet  metal  work  as  required. 

□  Control  panels 

□  Blank  panels 

□  Annunciator  lights 

□  Pressure  sensors 

□  Circuit  breaker  changes  and  additions . 

SAFETY  CRITERIA  -  Certain  safety  criteria  lAW  MIL-STD-882A 
are  followed  in  the  SSHA. 

SYSTEM  SAFETY  PRECEDENCE  -  Any  items  detected  as  fitting 
into  hazardous  categories  are  treated  in  the  following  order 

a.  Redesign  to  eliminate  the  hazard,  if  possible. 

b.  Change  operating  procedure  to  eliminate  or  reduce 
occurrence . 

c.  Provide  training  recommendations  to  allow  personnel  to 
safely  work  in  the  presence  of  the  hazard. 

d.  Label  or  placard  hazards  and  provide  inputs  to  manuals. 

HAZARD  LEVEL  CATEGORIES  -  (Criticality  definitions)  For  the 
purpose  of  the  hazard  analysis,  the  hazards  will  be  defined 
and  categorized  lAW  the  criticality  definitions  set  forth 
below  (ref.  MIL-STD-882A,  para.  5.4.3. 1). 

HAZARD  SEVERITY  -  Hazard  severity  categories  are  defined  to 
provide  a  qualitative  measure  of  the  worst  potential 
consequences  resulting  from  personnel  error,  environmental 
conditions,  design  inadequacies,  procedural  deficiencies, 
system,  subsystem  or  component  failure  or  malfunction  as 
follows : 


UM  tlMLlfllMC 
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a.  CATEGORY  I  -  Catastrophic  -  May  cause  death  or  system 
loss . 

b.  CATEGORY  II  -  Critical  -  May  cause  severe  injury,  severe 
occupational  illness,  or  major  system  damage. 

c.  CATEGORY  III  -  Marginal  -  May  cause  minor  injury,  minor 
occupational  illness,  or  minor  system  damage. 

d.  CATEGORY  IV  -  Negligible  -  Will  not  result  in  injury, 
occupational  illness,  or  system  damage. 

4.2.2  HAZARD  PROBABILITY  -  The  probability  of  the  defined  hazard 

occurring  is  based  on  a  qualitative  judgement  for  the  purpose 
of  this  hazard  analysis .  The  probability  levels  quoted  here 
are  from  MIL-STD-882A,  Para.  5. 4. 3. 2. 


LEVEL 

SPECIFIC  INDIVIDUAL 

ITEM 

FLEET  OR 

INVENTORY 

Frequent 

m 

Likely  to  occur  frequently 

Continuously  experienced 

Reasonably 

Probable 

B 

Will  occur  several  times  in 
life  of  an  item 

Will  occur  frequently 

Occasional 

C 

Likely  to  occur  sometime  in 
life  of  an  item 

Will  occur  several  times 

Remote 

0 

So  unlikely,  it  can  be 
assumed  that  this  hazard 
will  not  be  experienced 

Unlikely  to  occur  but 
possible 

Extremely 

Improbable 

E 

Probability  of  occurrence 
cannot  be  distinguished  from 
zero 

So  unlikely,  it  can  be 
assumed  that  this  hazard 
will  not  be  experienced 

Impossible 

F 

Physically  impossible  to 
occur 

Physically  impossible  to 
occur 

5.0  HAZARD  ANALYSIS  -  The  sources  of  data  for  the  SSHA  are  the 

drawings  for  the  installation  kits,  the  wiring  interconnects 
interface  control  drawings,  the  panel  and  console  modifications 
the  "B"  component  outline  drawings,  system  block  diagrams, 
grounding  and  shielding  diagrams,  process  specifications  and 
test  procedures.  At  the  time  of  preparation  of  this  report, 
most  of  the  source  data  was  in  preliminary  form. 


KM  nfoil*  INC 
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Data  references  are  given  in  table  II  and  III.  Any  items 
found  during  the  review  of  those  data  are  listed  on  SSHA 
matrix  sheets.  Where  comments  are  applicable  only  to 
specific  models,  they  will  be  so  annotated.  Most  source 
information  is  very  preliminary,  therefore,  listed  items  are 
quite  tentative  and  subject  to  change  in  later  submittals. 

SSHA  MATRIX  SHEETS  -  These  sheets  are  used  to  list  potential 
hazards,  effects  on  the  system  and  remedial  steps  to  be 
taken. 

SUMMARY  -  At  this  writing,  two  items  were  rated  in  Category  II, 
Critical.  Both  items  are  still  in  the  design  phase  and  the 
concerns  are  being  considered  in  respect  to  the  final 
solution.  These  are: 

(1)  The  method  of  connecting  up  the  added  INS  aircraft 
battery  so  that  a  dead  battery  doesn't  draw  full 
current  from  the  bus.  It  would  also  seem  desirable 
to  make  this  battery  available  for  other  emergency 
aircraft  use.  (Non  availability  can  not  technically 
be  considered  a  hazard  since  no  second  battery  is 
presently  available). 

(2)  Certain  internal  or  circuit  failures  could  cause 
the  ICDU  CRT  to  bloom  to  high  brightness.  If  this 
were  to  occur  to  the  pilot's  CRT  during  night 
landing  or  night  formation  flight,  it  could  probably 
have  serious  consequences .  The  failure  probability 
is  low  and  the  percent  time  it  could  occur  and 
present  a  hazard  is  low.  The  possible  problem  is 
being  analyzed  and  probabilities  will  be  computed. 

If  simple  effective  circuitry  can  be  added,  it  will 
also  be  considered. 

No  inherent  safety  problems  are  evident  in  the  "A" 
Group  installation.  Many  implementation  details 
are  yet  to  be  checked  as  the  design  is  approved  at 
CDR  and  the  final  drawings  are  prepared.  When 
these  data  are  firm  enough  to  represent  the  final 
product,  this  analysis  will  be  updated. 
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Table  III.  Specifications  and  Documents  Reviewed  (Continued) 


Table  III.  Specifications  and  Documents  Reviewed  (Continued) 


No  VOR  NAV 
ability 

Loss  of  all  SNCS 
functions.  Loss 
of  all  SCNS  con¬ 
trolled  radios 
(UHF  #I  available 
through  sianual 
control) 

1  Loss  UHF  |i  as 
Iwell  as  all  other 
COMB  radios 

1 
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CLASS:  I  CATASTROPHIC  LEVEL:  A  -  FREQUENT  E  -  EXTREMELY  IMPROBABLE 

If  CRITICAL  B  -  REASONABLE  PROBABLE  F  -  IMPOSSIBLE 

III  marginal  C  -  OCCASIONAL 

IV  NEGLIGIBLE  0  -  REMOTE 


